Virtual Wire Pair This feature (276013), available in NAT and Transparent mode, replaces the Port Pair feature available in FortiOS 5.2 in Transparent mode only. When when two physical interfaces are setup as a Virtual Wire Pair, they will have no IP addressing and are treated similar to a transparent […]
Fortinet Single Sign-On FSSO is a set of methods to transparently authenticate users to FortiGate and FortiCache devices. This means that the FortiAuthenticator unit is trusting the implicit authentication of a different system, and using that to identify the user. FortiAuthenticator takes this framework and enhances it with several authentication […]
FGSP CLI command name changed The FortiOS 5.2 command config system session-sync has been changed in FortiOS 5.4 to config system cluster-sync. Otherwise the command syntax is the same and the config system ha commands used for FGSP settings have not changed.
If you were one of those people, like me, that would have application control sessions blocked after a failover on HA then 5.4 may be beneficial for you! See below! VOIP application control sessions are no longer blocked after an HA failover (273544) After an HA failover, VoIP sessions that […]
FGCP supports BFD enabled BGP graceful restart after an HA failover If an HA cluster is part of a Border Gateway Protocol (BGP) bidirectional forwarding detection (BFD) configuration where both the cluster and the BGP static neighbor are configured for graceful restart, after an HA failover BGP enters graceful restart mode and […]
So, a lot of people are starting to deploy HA clusters of Fortinet hardware which is awesome. There are however some things you will want to consider before doing so. Here is a drill down from the Fortinet HA for FortiOS 5.4 Administration document. Before you begin Before you begin […]
FortiGates are interface driven firewalls. Policy is relatively straight forward. Port 1 to Wan 1 Allow HTTP NAT you get my drift. In more complex environments though where you can easily have 5-10 interfaces (even more if you bring in VLAN’s) you will most certainly want to use Zones. What […]